CVE-2026-10118
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
An integer overflow vulnerability was found in Poppler's Splash backend in the `tilingPatternFill` function. A remote attacker can exploit a crafted PDF file, leading to undersized heap allocation and subsequent out-of-bounds write.
Risk Assessment
Successful exploitation could allow arbitrary code execution, information disclosure, or denial of service in the context of the application processing the PDF.
Recommendation
Update Poppler to the latest patched version immediately. Consider restricting processing of untrusted PDF files.
Original NVD description (English source)
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

